We present here an algorithm for factoring a given polynomial over GF(q) into powers of irreducible polynomials. The method reduces the factorization of a polynomial of degree m over GF(q) to the solution of about m(q − 1)/q linear equations in as many unknowns over GF(q).

There are many applications in which one wishes to factor polynomials. Some programming systems, such as Brown's ALPAK,[1] deal with polynomials and rational functions with integer coefficients. In such a context one is interested not in approximate numerical values for the real and complex roots, but rather in irreducible factors which are themselves polynomials with integer coefficients. One of the standard tricks mentioned by Johnson[2] for finding such irreducible factors is to reduce all of the coefficients of the original polynomial modulo some prime, p, and then factor the reduced polynomial over the Galois field, GF(p). If the reduced polynomial factors, one gets certain constraints on the factors of the original polynomial; if the reduced polynomial does not factor over GF(p), then one may conclude that the original polynomial is irreducible over the integers. The success of this method for factoring polynomials over the integers clearly depends upon having an efficient procedure for factoring polynomials over GF(p).

The problem of factoring polynomials over finite fields arises directly in Golomb's study[3] of feedback shift register sequences. In Golomb's words, this study ". . . has found major applications in a wide variety of technological situations, including secure, reliable and efficient communications, digital ranging and tracking systems, deterministic simulation of random processes, and computer sequencing and timing schemes." The properties of all cyclic error correcting codes, including the important Bose-Chaudhuri[4]-Hocquenghem[5] codes, depend on the factors of their generator polynomials in some finite field. Such codes have been studied extensively by Peterson and MacWilliams.[7] Recent advances in decoding techniques by Berlekamp[8] make these codes even more attractive from the practical standpoint.
We present here an algorithm for factoring a given polynomial,

$$f(z) = \sum_{k=0}^{m} f_k z^k, \qquad f_k \in GF(q),$$

into powers of irreducible polynomials.

First, we construct the m × m matrix Q over GF(q), whose ith row represents z^{q(i−1)} reduced modulo f(z). Specifically,

$$z^{q(i-1)} \equiv \sum_{j=1}^{m} Q_{i,j}\, z^{j-1} \pmod{f(z)}, \qquad i = 1, \dots, m.$$

The Q matrix may be computed with a shift register wired to multiply by z mod f(z). The register is started at 1, which is the first row of Q. After q shifts, the register contains the second row of Q; after q more shifts, it contains the third row of Q, and so on. After q(m − 1) shifts, it contains the last row of Q.

Given any polynomial g(z) of degree < m over GF(q), g(z) = Σ_{i=0}^{m−1} g_i z^i, we may compute the residue of (g(z))^q mod f(z) by multiplying the row vector [g_0, g_1, ..., g_{m−1}] by the Q matrix. This follows from the observation that

$$(g(z))^q = \sum_{i=0}^{m-1} g_i z^{qi} \equiv \sum_{k=0}^{m-1} \Big( \sum_{i=0}^{m-1} g_i Q_{i+1,k+1} \Big) z^k \pmod{f(z)}.$$

Similarly, we could compute (g(z))^q − g(z) mod f(z) by multiplying the row vector [g_0, g_1, ..., g_{m−1}] by the matrix (Q − I), where I is the m × m identity matrix over GF(q).

Second, we find a set of row vectors which span the null space of (Q − I). This may be done by appropriate column operations on the matrix (Q − I). Each such row vector in the null space of (Q − I) represents a polynomial g(z) which satisfies the equation (g(z))^q − g(z) ≡ 0 mod f(z), and conversely, each g(z) which satisfies this equation is represented by a row vector in the null space of (Q − I).

Third, we select any of the polynomials g(z) found in the second step, and apply Euclid's algorithm to determine the greatest common divisor of f(z) and g(z) − s for each s ∈ GF(q).* We then have the factorization

$$f(z) = \prod_{s \in GF(q)} \text{g.c.d.}\big(f(z),\, g(z) - s\big).$$

Remark: If g(z) is a scalar, then this factorization degenerates into

$$f(z) = \text{g.c.d.}\big(f(z), 0\big) \prod_{s \ne 0} \text{g.c.d.}\big(f(z), s\big) = f(z) \prod 1.$$

However, if g(z) has positive degree, then the factorization is nontrivial.

Proof: Since (g(z))^q − g(z) ≡ 0 mod f(z), f(z) divides (g(z))^q − g(z) = ∏_{s ∈ GF(q)} (g(z) − s). Therefore, f(z) also divides

$$\prod_{s \in GF(q)} \text{g.c.d.}\big(f(z),\, g(z) - s\big).$$

On the other hand, g.c.d.(f(z), g(z) − s) divides f(z). If s ≠ t, and s, t ∈ GF(q), then g(z) − s and g(z) − t are relatively prime, as are g.c.d.(f(z), g(z) − s) and g.c.d.(f(z), g(z) − t). Therefore,

$$\prod_{s \in GF(q)} \text{g.c.d.}\big(f(z),\, g(z) - s\big)$$

divides f(z). Assuming both polynomials to be monic, they must be equal since each divides the other. Q.E.D.
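The three steps above carried out over GF(2), as an added example (this is not code from the paper). Polynomials are Python ints with bit i holding the coefficient of z^i; Q is built by the shift-register method, the null space of Q − I by row reduction that tracks which rows were combined, and the g.c.d.s with g(z) − s for s ∈ {0, 1} refine the factorization until it has as many factors as the null space has dimensions. Run on the f(z) of Example I below, it returns the two irreducible factors found there.

```python
# Berlekamp's three steps over GF(2) (q = 2), added example. A polynomial is a Python int
# whose bit i is the coefficient of z^i: 0b1000111000111 is 1 + z + z^2 + z^6 + z^7 + z^8 + z^12.
def deg(a):
    return a.bit_length() - 1

def pmod(a, f):                      # remainder of a modulo f over GF(2)
    while a and deg(a) >= deg(f):
        a ^= f << (deg(a) - deg(f))
    return a

def pgcd(a, b):                      # Euclid's algorithm; over GF(2) the result is already monic
    while b:
        a, b = b, pmod(a, b)
    return a

def q_matrix(f):
    """Step 1: row i of Q is z^(2i) mod f, from a register that multiplies by z twice per row."""
    rows, r = [], 1
    for _ in range(deg(f)):
        rows.append(r)
        r = pmod(pmod(r << 1, f) << 1, f)
    return rows

def left_null_space(rows):
    """Step 2: every g with g(Q - I) = 0; bit i of comb records that row i (i.e. g_i) was used."""
    pivots, basis = {}, []
    for i in range(len(rows)):
        a, comb = rows[i] ^ (1 << i), 1 << i      # row i of Q - I and its combination
        while a and deg(a) in pivots:
            pa, pc = pivots[deg(a)]
            a, comb = a ^ pa, comb ^ pc
        if a:
            pivots[deg(a)] = (a, comb)
        else:
            basis.append(comb)                    # comb is a null vector: a polynomial g(z)
    return basis

def factor(f):
    """Step 3: refine {f} with gcd(h, g) and gcd(h, g + 1) for each basis g; the paper shows
    the number of irreducible-power factors equals the null-space dimension, so stop there."""
    basis = left_null_space(q_matrix(f))
    factors = [f]
    for g in basis:
        if g == 1 or len(factors) == len(basis):
            continue                              # g = 1 is always present and splits nothing
        factors = [d for h in factors for s in (0, 1) if (d := pgcd(h, g ^ s)) > 1]
    return sorted(factors)

if __name__ == "__main__":
    print([bin(p) for p in factor(0b1000111000111)])   # Example I: ['0b101111', '0b10111001']
```

For a power of a single irreducible the null space has dimension 1 and `factor` returns the input unchanged, which is the paper's "dimension 1" criterion.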

Example I: Let f(z) be the binary polynomial 1110001110001, or f(z) = 1 + z + z^2 + z^6 + z^7 + z^8 + z^12. The successive powers of z (z^0 through z^11 in the left column, z^12 through z^22 in the right column; each row lists the coefficients of z^0, z^1, ..., z^11) are

100000000000  111000111000
010000000000  011100011100
001000000000  001110001110
000100000000  000111000111
000010000000  111011011011
000001000000  100101010101
000000100000  101010010010
000000010000  010101001001
000000001000  110010011100
000000000100  011001001110
000000000010  001100100111
000000000001

so that

Q =             Q − I =
100000000000    000000000000
001000000000    011000000000
000010000000    001010000000
000000100000    000100100000
000000001000    000010001000
000000000010    000001000010
111000111000    111000011000
001110001110    001110011110
111011011011    111011010011
101010010010    101010010110
110010011100    110010011110
001100100111    001100100110

* In practice, there is no need to perform all of Euclid's Algorithm q separate times to determine all of the g.c.d.'s. A short cut will be seen in the example.

If we number the columns of Q − I from 0 to 11, then the upper right quarter of the Q − I matrix may be zeroed if we add the 3rd column to the 6th column, the 1st, 2nd, and 4th columns to the 8th column, and the 5th column to the 10th column. The lower right quarter of the Q − I matrix then becomes

R =
011000
111110
011001
010110
011110
001110

The equation [g_6, g_7, ..., g_11] R = 0 is found to have solutions [g_6, g_7, ..., g_11] = [A, 0, 0, A, 0, A] where A = 0 or 1. The first six coordinates of g are then readily found from the equation g(Q − I) = 0, with solutions g = [B, A, 0, A, A, 0, A, 0, 0, A, 0, A], A, B ∈ GF(2). Finally, we apply Euclid's algorithm to f(z) = 1110001110001 and g(z) = s10110100101. By letting t = s + 1, and leaving s as an indeterminate, we may effectively find the g.c.d. of 1110001110001 and 010110100101 with the same computation that computes the g.c.d. of 1110001110001 and 110110100101:

1110001110001        f(z)
 s10110100101        z·g(z)
1t001110101          remainder
s10110100101         g(z)
s0t11101             remainder
1t001110101
1t0s1s01
s0t11101
tttt0t               remainder

If t = 0, the g.c.d. is 10011101; if s = 0, the g.c.d. of 1110001110001 and 010110100101 is equal to the g.c.d. of 111101 and 11001001, which is 111101. Both 111101 and 10011101 are irreducible and the factorization is complete:

$$1 + z + z^2 + z^6 + z^7 + z^8 + z^{12} = (1 + z + z^2 + z^3 + z^5)(1 + z^3 + z^4 + z^5 + z^7) \quad \text{over } GF(2).$$

In general, suppose f(z) = ∏_i (p^{(i)}(z))^{e_i}, where each p^{(i)}(z) is an irreducible polynomial over GF(q). Then f(z) divides

$$(g(z))^q - g(z) = \prod_{s \in GF(q)} \big(g(z) - s\big)$$

if each (p^{(i)}(z))^{e_i} divides g(z) − s_i for some s_i ∈ GF(q). On the other hand, given any set of scalars s_1, s_2, ..., s_n ∈ GF(q), the Chinese remainder theorem guarantees the existence of a unique g(z) mod f(z) such that g(z) ≡ s_i mod (p^{(i)}(z))^{e_i} for all i. Since there are q^n choices of s_1, s_2, ..., s_n, there are exactly q^n solutions of the equation (g(z))^q − g(z) ≡ 0 mod f(z). Therefore,

The number of distinct irreducible factors of f(z) is equal to the dimension of the null space of (Q − I).

In particular, the polynomial f(z) is the power of an irreducible polynomial iff the null space of (Q − I) has dimension 1. In this case, the only solutions of (g(z))^q − g(z) ≡ 0 mod f(z) are scalars in GF(q), and the null space of Q − I contains only vectors of the form [s, 0, 0, ..., 0]. If the null space of Q − I has dimension n, it has a basis consisting of n monic polynomials: g^{(1)}(z), g^{(2)}(z), ..., g^{(n)}(z). Without loss of generality, we may assume that g^{(n)}(z) = 1 and that the other n − 1 basis polynomials have positive degree.

When we apply Euclid's algorithm to f(z) and g^{(1)}(z) − s, we obtain a factorization of f(z). If this gives fewer than n factors of f(z), then we may compute the g.c.d. of g^{(2)}(z) − s and each known factor of f(z). By this process, we may continue to refine the factorization of f(z). The following argument shows that this process must eventually yield all n irreducible-powers which are factors of f(z).

Let C be the n × n matrix over GF(q) defined by the equations g^{(i)}(z) ≡ C_{i,j} mod (p^{(j)}(z))^{e_j}. Then C must be nonsingular. For if Σ_i A_i C_{i,j} = 0 for all j, then Σ_i A_i g^{(i)}(z) ≡ 0 mod (p^{(j)}(z))^{e_j} for all j, whence Σ_i A_i g^{(i)}(z) = 0, contradicting the linear independence of g^{(1)}(z), g^{(2)}(z), ..., g^{(n)}(z). When we apply Euclid's algorithm to f(z) and g^{(j)}(z) − s, we obtain a factorization of f(z) into as many different factors as there are distinct elements in the jth row of C. The irreducible-powers (p^{(i)}(z))^{e_i} and (p^{(k)}(z))^{e_k} are separated iff C_{j,i} ≠ C_{j,k}. Since C is nonsingular, for every i and k there exists some j such that C_{j,i} ≠ C_{j,k}. Thus, any two irreducible-power factors of f(z) will be separated by some g^{(j)}(z).

1858 THE BELL SYSTEM TECHNICAL JOURNAL, OCTOBER 1967

The factorization of any power of an irreducible polynomial is readily accomplished by applying Euclid's algorithm to the polynomial and its derivative.

We conclude with another example. 

Example II: Following a suggestion of R. L. Graham, we let f(z) = z^n − 1 over GF(q), where n and q are relatively prime. Then Q_{i+1,j+1} = 1 if qi ≡ j mod n. Specifically, suppose n = 15 and q = 2. Then (rows numbered 0 to 14 at the left)

      Q                  Q − I
 0  100000000000000    000000000000000
 1  001000000000000    011000000000000
 2  000010000000000    001010000000000
 3  000000100000000    000100100000000
 4  000000001000000    000010001000000
 5  000000000010000    000001000010000
 6  000000000000100    000000100000100
 7  000000000000001    000000010000001
 8  010000000000000    010000001000000
 9  000100000000000    000100000100000
10  000001000000000    000001000010000
11  000000010000000    000000010001000
12  000000000100000    000000000100100
13  000000000001000    000000000001010
14  000000000000010    000000000000011
By suitably permuting the rows and columns, we can bring Q − I into the form below (rows and columns both taken in the order 0 | 1 2 4 8 | 7 14 13 11 | 3 6 12 9 | 5 10; the original row index is shown at the right):

0  0000  0000  0000  00    0
0  1100  0000  0000  00    1
0  0110  0000  0000  00    2
0  0011  0000  0000  00    4
0  1001  0000  0000  00    8
0  0000  1100  0000  00    7
0  0000  0110  0000  00   14
0  0000  0011  0000  00   13
0  0000  1001  0000  00   11
0  0000  0000  1100  00    3
0  0000  0000  0110  00    6
0  0000  0000  0011  00   12
0  0000  0000  1001  00    9
0  0000  0000  0000  11    5
0  0000  0000  0000  11   10
A basis for the null space of Q − I is seen to be

$$g^{(1)}(z) = z + z^2 + z^4 + z^8$$

$$g^{(2)}(z) = z^7 + z^{14} + z^{13} + z^{11}$$

$$g^{(3)}(z) = z^3 + z^6 + z^{12} + z^9$$

$$g^{(4)}(z) = z^5 + z^{10}.$$
In general, if f(z) = z^n − 1 over GF(q), then we may choose

$$g(z) = \sum_{k \in C} z^k,$$

where C is any set of numbers which is closed under multiplication by q mod n. Each such polynomial g(z) has some nontrivial factor in common with z^n − 1.
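The rule Q_{i+1,j+1} = 1 iff qi ≡ j (mod n) and the coset construction just stated, as an added example that is not from the paper; it assumes q is prime so that GF(q) arithmetic is arithmetic mod q. It builds Q − I for z^n − 1 directly from the rule, generates every set C closed under multiplication by q mod n, and checks that each g(z) = Σ_{k∈C} z^k satisfies g(Q − I) = 0; for n = 15, q = 2 the sets are exactly the exponent sets of the basis listed above (plus C = {0}).

```python
# Added example for f(z) = z^n - 1 over GF(q), gcd(n, q) = 1, with q assumed prime so that
# GF(q) arithmetic is arithmetic mod q. Polynomials are coefficient lists c[0..n-1].
from math import gcd

def q_minus_i(n, q):
    """Rows of Q - I from the rule Q[i][j] = 1 iff q*i == j (mod n), then subtract I."""
    assert gcd(n, q) == 1
    rows = []
    for i in range(n):
        row = [0] * n
        row[(q * i) % n] = 1
        row[i] = (row[i] - 1) % q          # subtract the identity; row 0 becomes all zeros
        rows.append(row)
    return rows

def cosets(n, q):
    """The partition of {0, ..., n-1} into sets C closed under multiplication by q mod n."""
    seen, out = set(), []
    for k in range(n):
        if k in seen:
            continue
        orbit, x = [], k
        while x not in orbit:
            orbit.append(x)
            x = (q * x) % n
        seen.update(orbit)
        out.append(orbit)
    return out

def coset_poly(orbit, n):
    """g(z) = sum over k in C of z^k, as a coefficient vector of length n."""
    g = [0] * n
    for k in orbit:
        g[k] = 1
    return g

def times_matrix(g, rows, q):
    """Row vector g times a matrix, over GF(q)."""
    n = len(rows)
    return [sum(g[i] * rows[i][j] for i in range(n)) % q for j in range(n)]

def null_space_polys(n, q):
    """Coset polynomials for z^n - 1, each checked to satisfy g(Q - I) = 0."""
    rows = q_minus_i(n, q)
    polys = [coset_poly(c, n) for c in cosets(n, q)]
    assert all(not any(times_matrix(g, rows, q)) for g in polys)
    return polys
```

The number of cosets is the number of distinct irreducible factors of z^n − 1, by the dimension result above.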